I have an ASP.NET app using Ajaxpro and forms authentication. First I was having trouble trying to avoid passing the ajaxpro handlers through authorization, which was resolved when I included them on separate locations on the web.config:
<location path="ajaxpro/prototype.ashx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="ajaxpro/core.ashx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="ajaxpro/converter.ashx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
However, I'm still getting 401 errors when I try to access our AjaxMethods. I event tried to put our types under the following configuration:
<location path="ajaxpro/MyType,MyAssembly.ashx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
but that didn't work properly, and I'm still getting 401 responses in some particular cases: I realized that when my requests have some query string values, this setting isn't working.
I wish I could do something like path="ajaxpro/*", but it seems like that is not possible. Does anyone have other ideas?
You should be able to specify the location with folder name only like this:
<location path="ajaxpro">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
Related
I'm dealing with an issue for the last 3 hours.
I have to build a project with WebForms. I'm setting the authentication like this:
<system.web>
<authentication mode="Forms">
<forms loginUrl="Account/Login.aspx" defaultUrl="Backend/Default.aspx"></forms>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<compilation debug="true" targetFramework="4.6"/>
<httpRuntime targetFramework="4.6"/>
</system.web>
<location path="Backend/Default.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
Not only when executing the application, does not allow me to enter to Backend/Default.aspx (redirect the site to Account/Login.aspx, but neither allow to access to the login page. I'm getting a not authorized error.
Can anyone tell what I am missing?
Edit:
I have 2 files:
Backend/Default.aspx
Account/Login.aspx I want to be allowed to enter Default.aspx without authentication. But not only doesn't allow me, don't allow me Account/Login.aspx neither.
If I change
<location path="Account/Login.aspx">
To
<location path="Account">
It works. But I only need one file on this folder to be allowed and not the entire folder.
Please tell me if I can give more useful information
Your question is a little confusing so I'm not sure if this will work, but it might give the right approach.
You have
<authorization>
<deny users="?"/>
<allow users="*"/> <-- this allows everyone everywhere, overriding the previous line.
</authorization>
Remove the allow line, blocking everyone from everything
<authorization>
<deny users="?"/>
</authorization>
Then allow a specific folder
<location path="Backend/Default.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
Or, you can have 2 web.config files.
Start with this in the root of your site
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
Then add another web.config file in the Account/ directory that has
<!--Block everyone from everything in this directory-->
<authorization>
<deny users="?"/>
</authorization>
<!--But allow a specific file-->
<location path="Account/Login.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
Hth.
I would like to deny anonymous users access to the folder 'test' but exclude and allow access to a file 'webform1' inside the test folder. Why does this not work?
<location path="test">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="test/webform1">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
Here is a link to a sample webforms project https://github.com/uselesshasid/StackOverflow_Question_38597397
This is probably a bug in asp.net, with the way it handles authorization when friendly url's are used.
I changed the web.config to define by versions of the file url, and it works.
<location path="test/webform1">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
<location path="test/webform1.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
I have an asp.net application and when I try and turn on the application tracing....
<system.web>
<trace enabled="true" pageOutput="true" requestLimit="40" localOnly="false"/>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Pages/Account/MyAlerts.aspx">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Pages/Account/FullDetails.aspx">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Pages/Account/ActivateLicence.aspx">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
<system.web>
I get the following error:
I have looked for
<deployment retail=true />
But its not in my config and I really cant see why when I navigate to mysite/trace.axd I get this error.
Look for inherited values from your,
machine.config - if you are using .NET framework 4 its in
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config
Root web.config - if you are using .NET framework 4 its in
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config
if your application configured as sub folder in IIS your web.config values might have been inherited from parent application.
<deployment retail=true /> is typically used in production web servers in machine.config you can read more about config values inheritance from here http://msdn.microsoft.com/en-us/library/ms178685.aspx
In project their is a folder namely customer, inside there is a file namely register.aspx. In web.config have the configuration check like follows
<location path="Customer">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="Customer/Register.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
Even i have authorized the register.aspx for unauthorized users but is expecting to authorize. Can any body explain it.
You have to create a Web.Config file in Customer folder and add
<location path="Register.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
Try switching order of those location nodes. Put allow Register first, and deny Customer second.
I started using dotless in my asp.net site which requires a special httphandler to work. The site uses Forms Authentication. Here's the problem: When I'm logged in the request to http://example.org/stylesheets/mystyles.less works fine. It gives me back the appropriate css. If I'm not logged in the request is denied and I'm redirected to the login page. Is there a way to allow this file to be accessed anonymously? This is not working:
<location path="~/stylesheets">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
The problem is with the path syntax.
This does not work:
<location path="~/stylesheets">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
This DOES work:
<location path="stylesheets">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
Not sure if this is the problem but you're missing a quote mark in your xml.
<location path="~/stylesheets">